Convinced that the recent upswing in virus and Trojan attacks is directly linked to the creation of botnets for nefarious purposes, a group of high-profile security researchers is fighting back, vigilante-style.

The objective of the group, which operates on closed, invite-only mailing lists, is to pinpoint and ultimately disable the C&C (command-and-control) infrastructure that sends instructions to millions of zombie drone machines hijacked by malicious hackers.

"The idea is to share information and figure out where the botnets are getting their instructions from. Once we can identify the command-and-control server, we can act quickly to get it disabled. Once the head goes, that botnet is largely useless," said Roger Thompson, director of malicious content research at Computer Associates International Inc.

Thompson, a veteran anti-virus researcher closely involved in the effort, said the group includes more than 100 computer experts (unofficially) representing anti-virus vendors, ISPs, educational institutions and dynamic DNS providers internationally.

"It's just a bunch of good guys that have an interest in shutting down these botnets. We are dealing here with some very skilled and sophisticated attackers who have proven they know how to get around the existing defense systems," Thompson said in an interview with Ziff Davis Internet News.

Thompson said the researchers use data from IP flows passing through routers, along with reverse-engineering tools that let them peek under the hood of new Trojans, to figure out how the botnet owner sends instructions to the compromised machines.